Site Security: Difference between revisions
(Add link reference to CISA) |
No edit summary |
||
Line 3: | Line 3: | ||
---- | ---- | ||
<!-- Delete any sections that are not necessary to your topic. Add pictures/sections as needed --> | <!-- Delete any sections that are not necessary to your topic. Add pictures/sections as needed --> | ||
" | Dams can fail for a number of reasons, including as a result of flooding, equipment malfunction, and operator error; but also deliberate action. Certain characteristics of dams make them an unusually difficult type of facility to protect, particularly against deliberate attack. While critical assets in many other sectors are small or concentrated and can be contained within buildings or protected by fences, dams are often large facilities whose components are not necessarily enclosed within buildings or fenced boundaries. Dams are often located in remote areas and can be approached via land, water, or air. Some are required to provide public access to certain portions of the facility, which can create difficulty in controlling access around critical components. <ref name="REF1">[https://www.cisa.gov/sites/default/files/publications/Dams%2520Sector%2520Crisis%2520Management%2520Handbook%2520FINAL%25202021_508c.pdf Dams Sector Crisis Management Handbook, Cybersecurity and Infrastructure Security Agency, 2021]</ref> | ||
Security is the condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences. Security risk, then, is the potential for an adverse outcome assessed as a function of hazard/threats, assets and their vulnerabilities, and consequences. <ref name="REF2">[https://www.cisa.gov/sites/default/files/publications/dhs-risk-lexicon-2010_0.pdf DHS Risk Lexicon, Department of Homeland Security, 2010]</ref> | |||
Dam security, like dam safety, attempts to reduce the overall risk of consequences occurring at a facility. These consequences, whether seen through the lens of dam security or dam safety, are the same. However, whereas dam safety focuses on reducing the internal risks of a facility by reducing the likelihood of occurrence of a load and the likelihood of an adverse [[structural]] response, dam security looks to reduce external risk due to threats, and the vulnerabilities of facility assets those threats attempt to exploit. | |||
Security risk management is the process of identifying, analyzing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level, considering associated costs and benefits of any actions taken. Effective risk management improves the quality of decision making. Risk management principles acknowledge that, while risk often cannot be eliminated, actions can usually be taken to control risk. <ref name="REF2" /> | |||
Certain risks that rise to national concern are common to entities within a particular sector. These risks include cyber threats from nation-state adversaries, criminal hacktivists and financially motivated cyber criminals; physical threats from Domestic Violent Extremists and Foreign Terrorist Organizations; and intelligence collection by nation-state adversaries looking to position themselves should conflict arise with the United States. | |||
Sector [[Risk Management]] Agencies (SRMAs) serve as day-to-day federal interfaces for their designated critical infrastructure sectors and conduct sector-specific risk management and resilience activities. SRMAs are responsible for day-to-day prioritization and coordination of efforts to mitigate risks within each sector, as part of the broader whole of-government effort coordinated by DHS to secure United States critical infrastructure. DHS is the SRMA for the Dams Sector, with the [[Cybersecurity and Infrastructure Security Agency]] (CISA) charged with executing the SRMA responsibilities. <ref name="REF3"> [https://www.whitehouse.gov/briefing-room/presidential-actions/2024/04/30/national-security-memorandum-on-critical-infrastructure-security-and-resilience/ National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22)], 2024</ref> | |||
To learn more about dam security, see the resources below or reach out to the CISA Dams Sector Management Team at | |||
[mailto:[email protected] [email protected]] | |||
==Best Practice Resources== | |||
* [[Facility Security Plan: An Interagency Security Committee Guide]] | |||
* [[The Risk Management Process: An Interagency Security Committee Standard]] | |||
* [[Federal Energy Regulatory Commission (FERC) Security Plan Template]] | |||
====HSIN-CI==== | |||
[https://www.cisa.gov/resources-tools/resources/hsin-ci-dams-portal The Homeland Security Information Network-Critical Infrastructure (HSIN-CI) Dams Portal] is an information-sharing network that provides situational awareness and allows sector partners to effectively access and disseminate sensitive but unclassified information among federal, state, and local agencies and the private sector. Many useful guides and handbooks are housed here for Dams Sector partners to access and utilize, including: | |||
*Dams Sector Security Awareness Handbook (FOUO) | |||
*Dams Sector Protective Measures Handbook (FOUO) | |||
*Roadmap to Secure Control Systems in the Dams Sector | |||
*Surveillance and Suspicious Activities Indicators Guide | |||
*Dams Sector Cybersecurity Framework Implementation Guide | |||
*Dams Sector Personnel Screening Guide for Owners and Operators | |||
*Dams Sector Waterside Barriers Guide | |||
*Dams Sector Cybersecurity Program Guidance | |||
*Dams Sector Security Guidelines | |||
*Worldwide Attacks Against Dams Vol. 1 and Vol. 2 | |||
To request access to the HSIN-CI Dams Portal, e-mail a completed access request form to [mailto:[email protected] [email protected].] | |||
== | ==Additional Resources== | ||
{{Website Icon}} [https://damfailures.org/lessons-learned/site-security-is-critical/ Learn more about site security at dams at DamFailures.org] | {{Website Icon}} [https://damfailures.org/lessons-learned/site-security-is-critical/ Learn more about site security at dams at DamFailures.org] | ||
{{Website Icon}} [https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/dams-sector Many Dam Security Resources available from the US Cybersecurity & Infrastructure Security Agency] | {{Website Icon}} [https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/dams-sector Many Dam Security Resources available from the US Cybersecurity & Infrastructure Security Agency] | ||
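Review bot: The REF1 link in the first added paragraph carries "%2520" where an encoded space would be "%20", so the handbook URL looks double-encoded and should be checked that it resolves. In the SRMA paragraph, "whole of-government" is missing a hyphen, and in the HSIN-CI access-request line the closing period sits inside the mailto link label and should move outside the bracket.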
Line 23: | Line 50: | ||
<!-- Revision history information --> | <!-- Revision history information --> | ||
{{revhistinf}} | {{revhistinf}} | ||
<!-- Pages that will be orphaned: | |||
==Considerations Related to Site Security== | |||
*[[Legal Responsibilities (Site Security)]] | |||
*[[Risk Assessment (Site Security)]] | |||
*[[Risk Mitigation (Site Security)]] | |||
*[[Site Security Program Management]] --> |
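Review bot: The comment block added at the end of the page hides the "Considerations Related to Site Security" heading and its four sub-page links rather than relinking or retiring them, and the comment's own title says those pages will be orphaned. Either link Legal Responsibilities, Risk Assessment, Risk Mitigation and Site Security Program Management from another page or mark them for redirect, and record the reason in the edit summary, since the header shows "No edit summary" for one of the two revisions.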
Revision as of 19:45, 22 November 2024
Dams can fail for a number of reasons, including flooding, equipment malfunction, and operator error, but also as a result of deliberate action. Certain characteristics of dams make them an unusually difficult type of facility to protect, particularly against deliberate attack. While critical assets in many other sectors are small or concentrated and can be contained within buildings or protected by fences, dams are often large facilities whose components are not necessarily enclosed within buildings or fenced boundaries. Dams are often located in remote areas and can be approached via land, water, or air. Some are required to provide public access to certain portions of the facility, which can make it difficult to control access around critical components. [1]
Security is the condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences. Security risk, then, is the potential for an adverse outcome assessed as a function of hazard/threats, assets and their vulnerabilities, and consequences. [2]
Dam security, like dam safety, attempts to reduce the overall risk of consequences occurring at a facility. These consequences, whether seen through the lens of dam security or dam safety, are the same. However, whereas dam safety focuses on reducing the internal risks of a facility by reducing the likelihood of occurrence of a load and the likelihood of an adverse structural response, dam security looks to reduce external risk arising from threats and from the vulnerabilities of facility assets that those threats attempt to exploit.
Security risk management is the process of identifying, analyzing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level, considering associated costs and benefits of any actions taken. Effective risk management improves the quality of decision making. Risk management principles acknowledge that, while risk often cannot be eliminated, actions can usually be taken to control risk. [2]
Certain risks that rise to national concern are common to entities within a particular sector. These risks include cyber threats from nation-state adversaries, criminal hacktivists and financially motivated cyber criminals; physical threats from Domestic Violent Extremists and Foreign Terrorist Organizations; and intelligence collection by nation-state adversaries looking to position themselves should conflict arise with the United States. Sector Risk Management Agencies (SRMAs) serve as day-to-day federal interfaces for their designated critical infrastructure sectors and conduct sector-specific risk management and resilience activities. SRMAs are responsible for day-to-day prioritization and coordination of efforts to mitigate risks within each sector, as part of the broader whole-of-government effort coordinated by DHS to secure United States critical infrastructure. DHS is the SRMA for the Dams Sector, with the Cybersecurity and Infrastructure Security Agency (CISA) charged with executing the SRMA responsibilities. [3]
To learn more about dam security, see the resources below or reach out to the CISA Dams Sector Management Team at [email protected]
Best Practice Resources
- Facility Security Plan: An Interagency Security Committee Guide
- The Risk Management Process: An Interagency Security Committee Standard
- Federal Energy Regulatory Commission (FERC) Security Plan Template
HSIN-CI
The Homeland Security Information Network-Critical Infrastructure (HSIN-CI) Dams Portal is an information-sharing network that provides situational awareness and allows sector partners to effectively access and disseminate sensitive but unclassified information among federal, state, and local agencies and the private sector. Many useful guides and handbooks are housed here for Dams Sector partners to access and utilize, including:
- Dams Sector Security Awareness Handbook (FOUO)
- Dams Sector Protective Measures Handbook (FOUO)
- Roadmap to Secure Control Systems in the Dams Sector
- Surveillance and Suspicious Activities Indicators Guide
- Dams Sector Cybersecurity Framework Implementation Guide
- Dams Sector Personnel Screening Guide for Owners and Operators
- Dams Sector Waterside Barriers Guide
- Dams Sector Cybersecurity Program Guidance
- Dams Sector Security Guidelines
- Worldwide Attacks Against Dams Vol. 1 and Vol. 2
To request access to the HSIN-CI Dams Portal, e-mail a completed access request form to [email protected].
Additional Resources
Learn more about site security at dams at DamFailures.org
Many Dam Security Resources available from the US Cybersecurity & Infrastructure Security Agency
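Citations:
1. Dams Sector Crisis Management Handbook, Cybersecurity and Infrastructure Security Agency, 2021. https://www.cisa.gov/sites/default/files/publications/Dams%2520Sector%2520Crisis%2520Management%2520Handbook%2520FINAL%25202021_508c.pdf
2. DHS Risk Lexicon, Department of Homeland Security, 2010. https://www.cisa.gov/sites/default/files/publications/dhs-risk-lexicon-2010_0.pdf
3. National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22), 2024. https://www.whitehouse.gov/briefing-room/presidential-actions/2024/04/30/national-security-memorandum-on-critical-infrastructure-security-and-resilience/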
Revision ID: 8109
Revision Date: 11/22/2024